Tag Windows

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

North Korean Hackers Exploit Job Seekers with Deceptive Interviews Delivering Cross-Platform Malware October 9, 2024 In a sophisticated cyber campaign, threat actors linked to North Korea have been targeting tech industry job seekers to disseminate advanced malware variants known as BeaverTail and InvisibleFerret. This malicious activity, monitored by Palo Alto…

Read More

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

New CRON#TRAP Malware Targets Windows Systems via Linux Virtual Machine, Evading Detection November 8, 2024 Cybersecurity experts have identified a sophisticated malware campaign dubbed CRON#TRAP that infiltrates Windows systems through a concealed Linux virtual machine (VM). This innovative approach allows the malware to evade traditional antivirus defenses by operating in…

Read More

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents

Cyber Espionage / Threat Intelligence
July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

Unveiling Batavia: New Spyware Targeting Russian Firms for Cyber Espionage In a recent development within the sphere of cyber espionage, researchers have identified a previously unreported piece of Windows spyware dubbed Batavia, specifically designed to infiltrate Russian organizations. This activity, which cybersecurity firm Kaspersky reports has been ongoing since July…

Read More

Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents

Cyber Espionage / Threat Intelligence
July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

Feds Alert Health and Other Industries About Interlock Risks

Fraud Management & Cybercrime , Healthcare , Industry Specific Healthcare Sector Targeted by Ransomware Group Interlock, Emerging Since 2024 Marianne Kolbasuk McGee (HealthInfoSec) • July 23, 2025 Image: Interlock U.S. officials have raised concerns about the ransomware group Interlock, which has recently targeted a variety of sectors, notably healthcare, using…

Read MoreFeds Alert Health and Other Industries About Interlock Risks

FBI and CISA Alert: Interlock Ransomware Threatens Critical Infrastructure

The Federal Bureau of Investigation (FBI), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a critical alert regarding the intensified activities of the Interlock ransomware group. This group is…

Read MoreFBI and CISA Alert: Interlock Ransomware Threatens Critical Infrastructure

Critical Vulnerabilities, Threats, and Data Breach Incidents

The ever-changing digital environment is teeming with sophisticated cyber threats, necessitating vigilance and up-to-date knowledge. Our weekly newsletter acts as an essential resource, combining critical cybersecurity updates, expert insights, and practical strategies to empower business leaders in fortifying their defenses against emerging risks. This week’s dispatch features a comprehensive examination…

Read MoreCritical Vulnerabilities, Threats, and Data Breach Incidents

Metadata Indicates That the FBI’s ‘Raw’ Jeffrey Epstein Prison Video Was Probably Altered

Department of Justice Releases Surveillance Footage in Epstein Case, Raising New Questions This week, the United States Department of Justice made public nearly 11 hours of surveillance footage captured near Jeffrey Epstein’s prison cell on the night before his death. The release aimed to dispel conspiracy theories surrounding Epstein’s apparent…

Read MoreMetadata Indicates That the FBI’s ‘Raw’ Jeffrey Epstein Prison Video Was Probably Altered

New Expert Insights Uncover Greater Issues Following Qantas Cyber Attack

The recent cyber attack on Qantas has sent shockwaves through the security community, highlighting the evolving methods employed by decentralized global hacking groups. Expert analysis has shed light on the agile and organized tactics that characterize these groups, prompting deeper scrutiny into the vulnerabilities that major corporations and their third-party…

Read MoreNew Expert Insights Uncover Greater Issues Following Qantas Cyber Attack